Several days passed without me noticing anything wrong. In the meantime, as it turns out, the Mini was behaving very differently from all the other Homes and Echos in my home – it was waking up thousands of times a day, recording, then sending those recordings to Google. All of this was done quietly, with only the four lights on the unit I wasn’t looking at flashing on and then off.

[…]

Further clarifications arrived. The Google Home Mini supports hotword activation through a long press on the touch panel. This method allows people to activate the Google Assistant without saying the hotword. On a very small number of Google Home Mini devices, Google is seeing the touch panel register “phantom” touch events.

In response, the updated software disables the long press to activate the Google Assistant feature. Once the Google Home Mini devices receive the updated software, all long press events (real or phantom) will be ignored and Google Assistant will not be invoked accidentally.

I’m not paranoid, but it’s events like these that shake my confidence in the security of ambient audio-based assistant devices. Google’s a big company, and something like this really should have been caught far earlier; bugs like these — and, for what it’s worth, the malfunctioning LTE bug that affected the Apple Watch — suggest that far more thorough quality assurance processes are necessary.

While it would certainly have been much better if the issue never existed in the first place, the speed and finality of Google’s response to the controversy certainly deserve praise from the technology industry and its customers.

Why, exactly, should we praise Google for this? A fast reaction is the bare minimum response anyone should expect for a device that’s unintentionally always recording and uploading audio in the background. I don’t see anything particularly praiseworthy about not including a bug that enables such an egregious privacy violation on a shipping device.